beansniffer

joined 2 years ago
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I'm glad you asked, its always good to learn new things! The idea behind having a drive that automatically decrypts on boot is so you have data protection at rest when the server is off but still are able to have the server start up and run the tasks it needs to do without having to input a password before the machine starts up. Encryption keys are stored in the TPM which is usually stored on the CPU and the data should still be protected by the login prompt unless there is some type of bug that bypasses the login prompt.

So imagine a scenario where the power goes out, even just for a small amount of time. The uninterruptible power supply connected to the server allows for clean unmounting of the filesystems and then shuts the server off. The server then comes back on when power is detected from the grid again. If an encrypted drive doesn't have automatic decryption and requires a passphrase before boot, the services that I'm self hosting aren't running. I'm wanting to run home assistant and a security camera NVR so that could mean that I'm stumbling around in the dark tripping over things to get to the server to type in a passphrase, or there could be a robbery and I now have no evidence of who the culprit might be.

Having the drives automatically decrypt in a safe manner helps ensure higher availability (without me spending a small fortune in additional hardware costs because you can usually throw money at a problem to fix it), and data protection in the event of a smash and grab robbery.

The alternative to automatically decrypting drives while ensuring my services work after power failure is to not encrypt the drives at all.

Let me know if you have anymore questions. Thank you for your post.

[–] [email protected] 0 points 1 year ago

It may be helpful to know that the former r/zfs community has migrated to a Discourse server at practicalzfs.com. Might be worth asking there for some expert advice.

I tried posting there, but the mods haven't been there in a couple of days to approve my post. I tried posting on reddit but since reddit is a garbage website that noone should ever visit, I was immediately shadowbanned and noone has seen my posts.

Thanks for your post.

 

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

  • 2 Sata SSDs boot drives in a ZFS mirror
  • 1 NVME SSD for L2ARC and VM storage
  • 3 HDDs in a RAIDz1 for backups and general large storage
  • 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

  • 2 Sata SSDs boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
  • All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

 

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

  • 2 Sata SSDs boot drives in a ZFS mirror
  • 1 NVME SSD for L2ARC and VM storage
  • 3 HDDs in a RAIDz1 for backups and general large storage
  • 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

  • 2 Sata SSDs boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
  • All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

 

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

  • 2 Sata SSDs boot drives in a ZFS mirror
  • 1 NVME SSD for L2ARC and VM storage
  • 3 HDDs in a RAIDz1 for backups and general large storage
  • 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

  • 2 Sata SSDs boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
  • All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

 

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

  • 2 Sata SSDs boot drives in a ZFS mirror
  • 1 NVME SSD for L2ARC and VM storage
  • 3 HDDs in a RAIDz1 for backups and general large storage
  • 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

  • 2 Sata SSDs boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
  • All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

 

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

  • 2 Sata SSDs boot drives in a ZFS mirror
  • 1 NVME SSD for L2ARC and VM storage
  • 3 HDDs in a RAIDz1 for backups and general large storage
  • 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

  • 2 Sata SSDs boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
  • All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

 

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

  • 2 Sata SSDs boot drives in a ZFS mirror
  • 1 NVME SSD for L2ARC and VM storage
  • 3 HDDs in a RAIDz1 for backups and general large storage
  • 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

  • 2 Sata SSDs boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
  • All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

 

I've got to admit that when I first heard of the anti-cars community, I was a little skeptical. "Whats wrong with cars?" I thought. But the more I lurked, and the more I watched youtube channels like Not just bikes, the more I understood just how shitty the world is around us. Fuck Cars.

[–] [email protected] 0 points 2 years ago (2 children)

leaving for 5-10% anti-hatred people

Does someone being from the USA or Europe automatically make them anti-Russia? Does someone not being from USA or Europe automatically make them pro-Russia?

Isn't assuming either of these things prejudiced (and dare I say perhaps even racist) against both Americans and Europeans?

[–] [email protected] 0 points 2 years ago (8 children)

Europe is always ready to save white people

You make that sound like its racist for European countries wanting to help out a European neighbor. It isn't.

[–] [email protected] 0 points 2 years ago (2 children)

Take a topic that you know. Something related to your field of work, or your special interest, whatever. Now watch a news video about that topic and notice how laughably wrong they get even basic details. Most people can relate to how wrong the media gets on a topic they're intimately familiar with but then also think they get topics right when talking about other things like world affairs.

[–] [email protected] 1 points 2 years ago* (last edited 2 years ago) (1 children)

Stremio is essentially a glorified torrent client with a nice UI. It runs locally on a device connected to the tv you want to stream to. It behind the scenes searches trackers and downloads from torrents of the content someone wants to watch in a netflix like UI. Someone that wasn't technology literate wouldn't know they were pirating content from torrents if you didn't tell them.

A solution is that you manage the server and jellyfin and your friends/family connect to it.

While a self hosted solution like this would be nice, I would get messages everyday from friends and family frequently asking, "Can you add this movie to the server? Can you add this TV show to the server?" and they would eventually stop asking me and just pay for a streaming service if I forgot to fulfill every request. I would like to avoid having to manually add content to the server if my friends and family can just choose the content their wanting to watch themselves.

 

Now normally I would just setup radarr, sonarr and the like on a seedbox or something if I were looking for a setup for myself, but my friends and family members can't handle something like that. Stremio with torrent addons offers a user friendly netflix-like experience but its not entirely opensource and I can't self host it.

Jellyfin seems to be a popular suggestion for user friendly software with a netflix-like interface but from what I can tell, there isn't automatic torrenting to match the convenience of stremio.

If a family member has to open a webpage or an app to pick out content, then wait for it to download fully, then open up the jellyfin UI to watch content, that might be too complicated for some of my elderly family members to achieve.

Is there an open source/self-hosting torrent/piracy solution that is comparable to stremio in regards to being boomer friendly? Thanks for your comments.

[–] [email protected] 2 points 2 years ago (1 children)

Your case, though, could be easily solved with trains easily solved

while I agree with a lot of your post (certainly more informative than the others), I disagree that the issue could be easily solved. There is a lack of political will (at best) and an outright hostility (at worst) to the very idea of trains and public transportation.

 

Cargo e-bikes generally have a battery capacity limit of around 25 miles (which batteries aren't meant to be fully drained every time they're used anyway).

Any suggestions that don't include the use of cars in a carpool or moving?

Is "Fuck Cars" a pro-city/anti-rural philosophy?